Reduce Your Data Backup and Recovery Costs With Tiered Storage

Topics: Data Backup and Archiving

Tiered storage is about matching the different kinds of data in your enterprise with the right storage solution. Here’s how to analyse the price, performance, capacity and function of each storage system to create a cost-effective and efficient multilevel solution.

Tiered storage offers two main advantages. Firstly, using the most expensive storage only for applications that need it saves money by allowing lower-cost options for the rest. Secondly, tiering cuts capital expenses by extending the life of expensive hardware. It can also reduce operating expenses by lowering the costs of managing and maintaining high-performance drives.

Take the case of Harry, a new employee at LearnWell Community College. Although the College didn’t hire him as a professor, he knew he’d be doing plenty of mentoring. As the new Director of Information Technology, he’d have to work with his team to completely remap the network’s storage system, re-educating all users in the process.

Harry faced a cobbled-together mess of pricey components. The College stored electronic versions of its records, some going back as far as the 98-year-old institution itself, in onsite disk systems, even though they were rarely touched. Moreover, the system lacked a disaster recovery plan should it face a disaster or a meltdown.

As his first task, Harry set out to revamp the College's data recovery and backup plan. He had to take the storage system from one that was barely functional to an exemplary model, and teach the staff how to reach archived materials. To do that, he had to implement a classification system to sort data based on use, then house it in a well-designed tiered storage system. This new system needed to be far more cost-effective than the current one, even after redundancy was added.

The Virtues of Tiering

For those not familiar with the term, “tiered storage” might sound like a giant wedding cake made of hard drives. Actually, it’s not a bad analogy. The system creates multiple layers of storage, just like the levels of a multi-tiered cake:

  • The top tier holds mission-critical data used on a daily basis in more convenient (but also more expensive) storage media.
  • The lower tiers house less critical data in cheaper storage media, such as backup tape systems.

Businesses typically switch to tiered storage as a cost-cutting move, especially in the rapidly evolving climate of Big Data. Organisations are finding their data libraries are growing so quickly that keeping them on local disks simply isn’t affordable. They need an archiving system that separates the essential from the rest, and stores each type of data appropriately.

Regulations controlling data storage are tightening and can include directives on what kind of data your organisation needs to retain. Here’s how a well-conceived three-tier storage system addresses these and other key issues:

  • Tier 1: Data that’s essential to your firm’s daily operations and/or is highly confidential.
  • Tier 2: Data you need to access from time to time.
  • Tier 3: Information you rarely, if ever, access. It’s likely to be stored until your data lifecycle plan calls for its secure destruction. Backup tape systems that offer a high level of security and cost-effectiveness are an excellent Tier 3 media option.

The Long Arm of the Law

The pending European Union General Data Protection Regulation (GDPR) will become a major law with global impact. It is set to replace the 1995 Data Protection Directive known as EU Directive 95-46-EU. The 1995 Directive has served the European community well for 20 years but has become outdated as a consequence of advances in technology, judicial rulings and intellectual thought. It is important to note from a legal view point that the GDPR, being a regulation, carries much stronger legal requirements than the 95 directive: the regulation is a mandate, whereas the directive was guidance. It is imperative to understand that essentially organizations everywhere, both within and external to the European Union, will be impacted by the GDPR.

The GDPR has not been finalised to date (January, 2015) and will have to clear several additional legislative hurdles before becoming law within the EU. It is expected that the European Council will continue to work at a technical level through the second quarter of 2015. Negotiation on the proposed text between the Council and the European Parliament will start when the Council is ready. In early 2016, agreement between the various parties on the draft is expected and then the revised finalized Data Protection framework is expected to come into force in 2018.

There are concepts and definitions within the GDPR that businesses need to understand:

  • Data subject and personal data-Data subjects are people who can be directly or indirectly identified from their data.
  • Legitimate interest pursued by a controller(Article 6(1) (f)) - This is one of six grounds for the lawfulness of processing. The legitimate interest of the data controller must not override the fundamental rights and interests of the data subject, especially when the data subject is a child. The five other grounds for the lawfulness of processing are: consent, the need to perform a task in the public interest, the need to fulfil a contract, a legal obligation, and the data is necessary to the vital interests of the data subject.
  • Consent -This is defined as freely given, specific and explicit indication of wishes either by statement or by clear affirmative action.
  • Portability- Data subjects should be able to obtain a copy of the data in a format that allows them to use it further (Article 18(1)). Second, if data is processed based on consent or contract, data subjects should be able to take the data they have supplied with them when changing service providers (Article 18 (2)).
  • The right to be forgotten -The right to erasure or the right to be forgotten, has already sparked discussion. There are two specific actions;
    • First, when the data controller has no reason to further process data, or when the data has been processed in breach of the Regulation, the data subject is entitled to have the data deleted (Article (17(1)). The data subject must submit a request asking the data controller to delete the data.
    • Second, where the controller has already made the personal data public, the controller must then take all reasonable steps to inform third parties who are processing the data of the request to delete any links to or copies of the personal data (Article 17 (2)).
  • Data breach notification – When information is compromised due to malicious intent or inadvertent disclosure, Article 31 requires data controllers to notify their supervisory authorities within 24 hours of discovery of a breach.

Planning for Tiers

Give yourself enough time to create your tiered storage system. In most cases, it can take months to conceive, build, test and refine it. And, of course, you should monitor it constantly to identify areas that need improvement.

Expect some departmental competition as you set up the tiers. Your marketing team may insist its documents are all crucial, while Sales may believe its documents are purely Tier 1. That said, both may want to skip tiering altogether and keep all their documents in local or cloud storage.

Rather than set up a system where employees sort and back up tiered data by hand, you should create an automated system in order to avoid all the hassle. Implement a hierarchical storage management system to automatically move stored data between tiers. Another method to drive the use of tiered storage is to implement a chargeback system, through which departments can monitor the real costs of their data storage. Once they’re aware of the costs, employees should be eager to use tiered storage and save money.

Follow these three steps to implement your system:

Step 1: Choose the number of tiers. Each type of tier is a potential money-saver for your organisation, since you have the opportunity to use the least expensive type of storage. The more tiers you create, the finer the level of control you have. However, with more tiers comes greater complexity, so plan judiciously.

The number of tiers your company should maintain depends on the number of different data types in your enterprise. Two other influencers include your Recovery Point Objectives (RPOs) - the amount of data loss you’re willing to accept during a recovery - and Recovery Time Objectives (RTOs) - the amount of time that recovery takes. Tiered systems commonly include from two to ten tiers.

Step 2: Determine each tier’s storage needs. Does the material need to reside onsite, or could it be stored at a remote location? Do you use the material frequently or rarely? What kind of security

do you need? Review the specifications of your storage options to assess which solution best fits each tier. Analyse your information and determine the capacity and level of scalability for each data type. Remember to plan not just for what’s needed today, but also for what you anticipate requiring over the next three to five years.

You may find assigning storage systems to each tier challenging. After all, you want to put each data set into the lowest-cost storage possible while meeting access speed requirements. However, you also need to consider system scalability, since you don’t want to be constrained by the limited size and performance inherent in certain designs.

Step 3: Talk with your colleagues. If you haven’t included the various departments of your organisation until now, it’s time to do so. Talk to department heads about how the new system could change some data locations, and get each person to sign off on whatever you agree.

Once you’ve determined the tiers, it’s time to plan their implementation. Here are some questions to ask as you create your template for the system:

  • What are your organisation’s goals for the tiered system?
  • What kind of budget will you need? (Although your goal is to save money over time, a tiered system still calls for an initial investment.)
  • What kind of personnel resources will you need to create it? Do you have the necessary staff, or do you need to pull in experts?
  • How will the systems interconnect? (Create a map.)
  • How long will it take to get everything in place? Will crucial data be offline for any of that time?

Put Your Plan to the Test

Once you finally have a tiered storage solution in place, you’ve reached a milestone, but you’re still not quite finished. Be sure to test your system and continue monitoring it throughout its lifespan. Ask yourself:

1. Does it organise your organisation?

  • Does the system design meet your organisation’s needs?
  • Does its tier count address how you use data?
  • Does each tier below Tier 1 represent significant cost savings over the previous tier?
  • Does every tier get used? (You may have overplanned, and one or more tiers are sitting empty.)

2. Will it ultimately save you money?

  • Did the costs fall in line with your expectations?
  • Could you have worked more with outside vendors or have chosen different storage media?
  • Are you starting to save money from day one with the new storage options?

3. Is it efficient enough?

  • How are your various departments working with their new storage options? Are any of their day-to-day events limited by the tiers? If so, consider adjusting the plan.
  • Does each department understand the system, or is additional training needed?

Are you satisfied with the answers to these questions? If so, chances are your old, patchwork storage scheme has graduated with honours to a tiered storage system that matches storage medium to data type while saving money and providing better access to frequently used material.

Iron Mountain Suggests: Go Offsite for Savings

For companies used to storing all their information in onsite disk storage, tiering can offer dramatic savings. But what those organisations might not realise is that storing less-used data offsite with a backup tape system also delivers extra benefits, such as:

  • The ability to recover from catastrophic events that affect all the servers in an office, such as a terrorist attack or natural disasters like storms and flooding
  • Fast access to stored information to answer regulatory or legal requests
  • An archival system that lets you know exactly where your files are located.

Do you have questions about data backup and recovery? Read additional Knowledge Centre stories on this subject, or call us on - R.O.I 1800 732 673, N.I. 08445 60 70 80.